A new report published by the BBC highlights a growing need to expand cyber security provisions to prevent data theft, often conducted by illegal hackers based overseas.
MI5, The Security Service, reports that:
- Scam social media profiles have targeted 10,000 UK citizens.
- Fraudulent activity has occurred on sites such as Facebook and LinkedIn.
- Victims are encouraged to share sensitive information (often without realising).
In response, an app called Think Before You Link is one example of app development that combats the key threats in the digital age, demonstrating the vital importance of revisiting security measures that may have become redundant.
Innovation vs International Fraud
This newest illegal activity follows a familiar pattern of establishing relationships with unsuspecting targets, often specifically selected as somebody who may have access to valuable data.
Examples include a former civil servant with a level of security clearance, approached and convinced – after a dialogue – to travel abroad to attend a fictitious meeting.
The criminal purports to have shared contacts in many cases, fostering a false sense of security and familiarity.
Groups most likely to be targeted in this way include:
- Government employees
- Business people in the tech sectors
- Academic professionals
Companies and organisations in these fields must step up their security safeguards and ensure their digital assets and apps have sufficient defences to prevent such breaches.
How Does the Think Before You Link App Work?
The Think Before You Link app, provided by the Centre for the Protection of National Infrastructure, is intended to meet the need in an accessible way, setting a benchmark for other enterprises to follow.
- Access to case studies demonstrating examples of espionage to raise awareness.
- Interactive education resources to increase knowledge.
- A graphic review tool to reverse image search a questionable profile.
- Reporting functions to raise the flag where a suspicious person has made contact.
To incentivise users, the app includes digital rewards such as certificates and trophies, presented when a user completes a task such as following the modules in a digital learning course.
Assessing the Data Breach Risk of Business Social Networking
There isn’t one universal solution since the threat level will vary between businesses – but those in defence, infrastructure, education, procurement or communications seem to be most exposed.
Many experienced professionals assume that they will instantly spot a phishing attempt.
Still, these scams have become extremely advanced and can involve several layers of identity theft to convince even alert individuals that they are authentic:
- Messaging apps (including WhatsApp, Messenger and LinkedIn) are frequently used by phishing hackers, such as a coordinated attack launched in 2020 by a hacking group linked to the Iranian government per Data Breach Today.
- Most successful phishing attempts aren’t delivered via obvious emails or attachments with an embedded virus but involve a gradual approach to build trust over time.
- Massive amounts of data extracted from social media are traded on the Dark Web. A social media data broker revealed that cybercriminals had bought 235 million user profiles for password theft, phishing scams, and credential impersonation.
The question is now how other private organisations will meet this safety threat and ensure their systems and personnel are protected from attempts to extract information through unconventional communication channels.
How to Protect Your Organisation From Phishing, Theft and Digital Scams
Several approaches are available, harnessing the power of innovation to meet digital criminals in their own space.
One caveat is that as governments roll out AI and deep fake technology, it might become easier to create manufactured identities – although the intention might be the opposite!
- Training simulations to test responses, using video case studies or ‘live’ examples to educate employees and managers about the risks of their online interactions.
- Incorporating Dark Web trackers to scan for employee credentials or business information circulating online (particularly data restricted to administrative access).
- Password and access management apps or login systems, with security identity controls to prevent stolen passwords from being used.
- Adding two-level authentication to business networks ensures that credential or password theft attempts cannot succeed.
- Building business-specific applications with robust security protocols and proactive monitoring to raise the alarm if any attempted breach occurs.
If you would like to investigate the opportunities for your company to circumvent this new wave of phishing attacks, Averment can help.
Our skilled technical teams specialise in Mobile Applications for scalable businesses, Software Support, including integration and replacements of outdated legacy software, and Web Applications bespoke to your organisational needs.
As with any new digital crime, the key is to take action now and build preventative defences against illegal activity – before it becomes business-critical.